Privacy Policy | Copylion

Copylion ("Company," "we," "us," or "our") operates the website www.copylion.ai and the Copylion platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

Account information: Name, email address, and authentication credentials when you create an account (via Auth0)
Billing information: Payment method details processed through Stripe. We do not store your full credit card number — Stripe handles payment processing as a PCI-compliant payment processor
Content inputs: Keywords, briefs, instructions, company profiles, audience definitions, and other materials you provide for content generation
Support communications: Messages, emails, and feedback you send to our support team

1.2 Information Collected Automatically

Usage data: Pages visited, features used, actions taken within the platform, content generation history, and credit usage
Device and browser information: IP address, browser type, operating system, device type, screen resolution, and language preferences
Log data: Server logs including access times, referring URLs, and error reports
Cookies and similar technologies: See Section 5 (Cookies and Tracking Technologies) below

1.3 Information from Third Parties

Authentication providers: Profile information from Auth0 (name, email, profile picture) when you sign in
Payment processor: Transaction status, subscription details, and billing events from Stripe
Advertising platforms: Conversion data and audience insights from advertising partners (such as Google Ads, Meta, or LinkedIn) when you interact with our ads before visiting the Service

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Generate content, manage your account and workspaces, process payments, and deliver features you request
Improve the Service: Analyze usage patterns, identify bugs, optimize performance, and develop new features
Communicate with you: Send transactional emails (account confirmations, billing receipts, usage alerts), respond to support requests, and provide product updates
Marketing and advertising: Send promotional communications about new features, content tips, or offers (with your consent where required). You can opt out at any time
Measure advertising effectiveness: Track conversions from ad campaigns, build lookalike audiences, and retarget visitors who have interacted with our website or ads
Ensure security: Detect fraud, prevent abuse, enforce our Terms of Service, and protect the integrity of the platform
Legal compliance: Fulfill legal obligations, respond to lawful requests, and protect our rights

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

Auth0 — Authentication and identity management
Stripe — Payment processing and subscription management
Neon / PostgreSQL — Database hosting and storage
Vercel — Website hosting and deployment
OpenAI / Anthropic — AI content generation (your content inputs are sent to AI providers to generate articles; see Section 7 for details)
Resend — Transactional email delivery

These providers are contractually obligated to use your information only as necessary to provide their services to us and to maintain appropriate security measures.

3.2 Advertising and Analytics Partners

We work with advertising and analytics partners to measure the effectiveness of our marketing campaigns and understand how visitors interact with our website. These partners may include:

Google Analytics / Google Ads — Website analytics, conversion tracking, and remarketing
Meta (Facebook / Instagram) — Conversion tracking via the Meta Pixel and custom audience targeting
LinkedIn — Conversion tracking and matched audience targeting for B2B advertising

These partners may use cookies, pixels, and similar technologies to collect information about your interactions with our website and other websites to provide targeted advertising. See Section 5 for details on managing these technologies.

3.3 Content Delivery Integrations

When you use our delivery features (WordPress publishing, Google Drive export, etc.), your generated content is transmitted to those third-party platforms at your direction. Your use of those platforms is governed by their respective privacy policies.

3.4 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

3.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4. Data Retention

We retain your information for as long as necessary to:

Maintain your account and provide the Service
Comply with legal obligations (e.g., tax and billing records)
Resolve disputes and enforce our agreements

Generated content is retained in your account until you delete it or your account is terminated. After account termination, we may retain anonymized or aggregated data for analytics purposes. Billing records are retained for a minimum of 7 years as required by tax regulations.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies for the following purposes:

5.1 Essential Cookies

Required for the Service to function. These include session cookies for authentication, CSRF protection tokens, and preference storage. These cannot be disabled.

5.2 Analytics Cookies

Help us understand how visitors interact with our website. We use tools such as Google Analytics to collect information about page views, session duration, bounce rates, and user flows. This data is aggregated and does not personally identify you.

5.3 Advertising Cookies

Used by our advertising partners to deliver relevant ads, measure campaign effectiveness, and build audience profiles. These may include:

Google Ads conversion tracking and remarketing tags
Meta Pixel for Facebook and Instagram ad measurement
LinkedIn Insight Tag for B2B conversion tracking

5.4 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may prevent the Service from functioning properly. You can also opt out of interest-based advertising through:

Google: Google Ads Settings
Meta: Facebook Ad Preferences
Industry opt-out: Digital Advertising Alliance

6. Data Security

We implement commercially reasonable security measures to protect your information, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Access controls limiting employee access to personal data
Regular security reviews and monitoring
Secure payment processing through Stripe (PCI DSS Level 1 compliant)
Authentication managed through Auth0 with industry-standard protocols

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. AI Content Generation and Your Data

When you use the Service to generate content, your inputs (keywords, briefs, instructions, and related context) are sent to third-party AI providers (such as OpenAI or Anthropic) to generate articles. Important details:

Your inputs are used solely for generating the requested content and are not used to train AI models (subject to the AI provider's API data usage policies)
Generated content is stored in your account and is not shared with other users
We do not use your generated content for our own marketing or training purposes without your explicit consent
AI providers may temporarily process your data on their servers in accordance with their API terms of service

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

8.1 All Users

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your account and associated data
Marketing opt-out: Unsubscribe from promotional emails at any time using the link in each email or by contacting us
Data export: Download your generated content through the Service

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

Right to know what personal information we collect, use, and disclose
Right to delete your personal information
Right to opt out of the sale or sharing of personal information
Right to non-discrimination for exercising your rights
Right to correct inaccurate personal information
Right to limit use of sensitive personal information

We do not sell personal information as defined by the CCPA. We may share information with advertising partners for targeted advertising, which may constitute "sharing" under the CPRA. You can opt out of this sharing by managing your cookie preferences as described in Section 5.4.

8.3 European Economic Area / UK Residents (GDPR)

If you are in the EEA or UK, you have additional rights under GDPR:

Right of access to your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent at any time

Our legal bases for processing personal data include: performance of a contract (to provide the Service), legitimate interests (to improve and market the Service), consent (for marketing communications and non-essential cookies), and legal obligation (for tax and compliance purposes).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.

10. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will promptly delete it.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you interact with.

12. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals. We do not currently respond to DNT signals, but you can manage tracking preferences through your cookie settings as described in Section 5.4.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Notify you by email or through a prominent notice on the Service for significant changes

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us at:

Email: [email protected]
General support: [email protected]

We will respond to all privacy-related requests within 30 days (or within the timeframe required by applicable law).